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CLAIMS 

WE CLAIM: 

1 . In a system having multiple security channels, a method of 
modifying an entry in a security association database, the method associated with 
each channel comprising: 

determining whether another of the multiple security channels has a higher 
priority to access a security association database structure located at a 
predetermined address location in the security association database; 

retrieving the security association data structure from the predetermined 
address location when no other security channel has a higher priority to do so; 

modifying the retrieved security association data structure; and 

writing the modified security association data structure to the 
predetermined address location in the security association database. 

2. The method of Claim 1 , wherein the step of determining whether 
another of the multiple security channels has a higher priority to retrieve the 
security association data structure comprises: 

requesting access to the predetermined address location; 

assigning a weight value to the request based on a sequential order of the 
request relative to access requests made by other of the security channels; and 

granting the access request to the security channel with the highest 
assigned weight value. 

3. The method of Claim 2, wherein the step of requesting access 
comprises setting a request bit in a control register. 

4. The method of Claim 3, wherein the step of granting the access 
request comprises setting a grant bit in the control register. 
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5. The method of Claim I, wherein the step of writing the modified 
security assocation data structure to the predetermined address location comprises: 

writing the modified security assocation data structure to a write buffer 
prior to writing it to the predetermined address location; and 

writing the modified security association data structure to the 
predetermined address location from the write the buffer. 

6. The method of Claim 5, wherein the step of requesting access 
comprises setting a request bit in a control register, and wherein the method 
further comprises: 

resetting the request bit prior to writing the modified security association 
data structure to the predetermined address location from the write buffer. 

7. The method of Claim 5, further comprising: 

determining whether the write buffer is busy prior to writing the modified 
security association data structure thereto. 

8. The method of Claim 1, further comprising: 

storing the retrieved security assocation data structure in a local memory; 

and 

modifying the retrieved security association data structure in the local 
memory. 

9. The method of Claim 1 , further comprising: 

storing the predetermined address location of the retrieved security 
association data structure in a register. 

10. In a system having multiple security channels, a method of 
modifying an entry in a security association database, the method associated with 
each channel comprising: 
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requesting access to a predetermined address location in the security 
association database; 

assigning a weight value to the request based on a sequential order of the 
request relative to access requests to the predetermined address location made by 
other of the security channels; 

retrieving the security association data structure from the predetermined 
address location when the channel has a higher priority request relative to the 
other security channel requests; 

modifying the retreived security association data structure; and 

writing the modified security association data structure to the 
predetermined address location in the security association database. 

1 1 . The method of Claim 1 0, wherein the step of requesting access 
comprises setting a request bit in a control register. 

12. The method of Claim 10,wherein the security association data 
structure is retrieved in response to setting a grant bit in the control register. 

1 3 . The method of Claim 1 0, wherein the step of writing the modified 
security assocation data structure to the predetermined address location comprises: 

writing the modified security assocation data structure of to a write buffer 
prior to writing it to the predetermined address location; and 

writing the modified security association data structure to the 
predetermined address from the write the buffer. 

14. The method of Claim 13, wherein the step of requesting access 
comprises setting a request bit in a control register, and wherein the method 
further comprises: 

resetting the request bit prior to writing the modified security association 
data structure to the predetermined address location from the write buffer. 
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1 5 . The method of Claim 1 3 , further comprising: 

determining whether the write buffer is busy prior to writing the modified 
security association data structure thereto. 

16. The method of Claim 10, further comprising: 

storing the retrieved security assocation data structure in a local memory; 

and 

modifying the retrieved security association data structure . 

17. The method of Claim 10, further comprising: 

storing the predetermined address location of the retrieved security 
association data structure in a register. 

18. In a system having multiple security channels, a method of 
modifying an entry in a security association database, the method associated with 
each channel comprising: 

requesting access to a predetermined address location in the security 
association database; 

assigning a weight value to the request based on a sequential order of the 
request relative to access requests to the predetermined address location made by 
other of the security channels; 

retrieving the security association data structure from the predetermined 
address location when the channel has a higher priority request relative to the 
other security channel requests; 

modifying the retrieved security association data structure; 

determining whether a write buffer is busy; 

writing the modified security association data structure to the write buffer 
when it is not busy; and 
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writing the modified security association data structure to the 
predetermined address location in the security association database from the write 
buffer. 



5 1 9. In a system having multiple security channels, a controller for 

managing access to an entry in a security association database, the controller 
comprising: 

a register circuit including a plurality of first registers each individually 
communicating with one of the multiple security channels and each operable to 
1 0 receive a request, from its associated security channel, to retrieve a security 

association data structure located at a predetermined address in the security 
association database; and 

an arbiter circuit communicating with the register circuit and operable (i) 
to prioritize, from highest to lowest priority, the retrieval requests received by 
15 each of the first registers and (ii) to grant the retrieval request to the security 

channel having the highest priority. 



20. The controller of Claim 19, wherein the register circuit further 
comprises: 

20 a plurality of second registers each individually communicating with one 

of the multiple security channels and each operable to receive, from its associated 
security channel, the predetermined address of the security association data 
structure for which retrieval access is requested by its associated security channel. 

25 21. The controller of Claim 1 9, wherein the register circuit further 

comprises: 

a plurality of third registers each individually communicating with one of 
the multiple security channels and each operable to receive, from its associated 
security channel, an updated security association data structure. 

30 
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22. The controller of Claim 19, further comprising: 

a plurality of write buffer circuits each individually communicating with 
one of the multiple security channels and each operable to (i) receive a modified 
security association data structure from its associated security channel and (ii) 
write the modified security association data structure to the address location of the 
retrieved security association data structure, in response to the arbiter circuit 
subsequently granting a retrieval request to another of the multiple security 
channels. 

23 . The controller of Claim 22, wherein each of the write buffer 
circuits comprises a FIFO register. 

24. The controller of Claim 22, further comprising: 

a plurality of write buffer controller circuits each individually 
communicating with the register circuit and with one of the write buffer circuits 
and each operable to (i) determine whether its associated write buffer is available 
to receive the modified security association data structure and (ii) allow its 
associated write buffer to receive the modified security association data structure 
only when the write buffer is available. 

25. The controller of Claim 24, wherein the register circuit further 
comprises: 

a plurality of fourth registers each individually communicating with one of 
the write buffers and one of the write buffer controllers, 

wherein each of the fourth registers operable to receive a busy/not-busy 
status bit of the write buffer controller and wherein the determination of whether 
each of the write buffer controller circuits associated write buffer is available is 
based on the busy/not-busy status bit. 

26. The controller of Claim 1 9, wherein the arbiter circuit comprises: 
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a weight control logic circuit operable to assign a weight value to each of 
the retrieval requests received by each of the first registers; 

a grant tree logic circuit coupled to the weight control logic circuit and 
operable to (i) determine which of the first registers has a highest weight value 
and (ii) generate a grant signal for the first register with the highest weight value; 
and 

a grant logic circuit coupled to receive the grant signal from the grant tree 
logic circuit and, in response thereto, set a grant bit in the first register having the 
highest weight value. 

27. In a system having multiple security channels, a controller for 
managing access to an entry in a security association database, the controller 
comprising: 

a register circuit including a plurality of first registers each individually 
communicating with one of the multiple security channels and each operable to 
receive a request, from its associated security channel, to retrieve a security 
association data structure located at a predetermined address in the security 
association database; 

an arbiter circuit communicating with the register circuit and operable (i) 
to prioritize, from highest to lowest priority, the retrieval requests received by 
each of the first registers and (ii) to grant the retrieval request to the security 
channel having the highest priority; and 

a plurality of write buffer circuits each individually communicating with 
one of the multiple security channels and each operable to (i) receive an updated 
security association data structure from its associated security channel and (ii) 
write the modified security association data structure to the address location of the 
retrieved security association data structure, in response to the arbiter circuit 
subsequently granting a retrieval request to another of the multiple security 
channels. 
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28. The controller of Claim 27, wherein the register circuit further 
comprises: 

a plurality of second registers each individually communicating with one 
of the multiple security channels and each operable to receive, from its associated 
5 security channel, the predetermined address of the security association data 

structure for which retrieval access is requested by its associated security channel. 

29. The controller of Claim 27, wherein the register circuit further 
comprises: 

1 0 a plurality of third registers each individually communicating with one of 

the multiple security channels and each operable to receive, from its associated 
security channel, an updated security association data structure. 

30. The controller of Claim 27, further comprising: 

1 5 a plurality of write buffer controller circuits each individually 

communicating with the register circuit and with one of the write buffer circuits 
and each operable to (i) determine whether its associated write buffer is available 
to receive the modified security association data structure and (ii) allow its 
associated write buffer to receive the modified security association data structure 

20 only when the write buffer is available. 

3 1 . The controller of Claim 30, wherein the register circuit further 
comprises: 

a plurality of fourth registers each individually communicating with one of 
25 the write buffers and one of the write buffer controllers, 

wherein each of the fourth registers operable to receive a busy/not-busy 
status bit of the write buffer controller and wherein the determination of whether 
each of the write buffer controller circuits associated write buffer is available is 
based on the busy/not-busy status bit. 

30 

QBPHX\21 1 139.901 07V1 550748.2 



26 



32. The controller of Claim 27, wherein the arbiter circuit comprises: 
a weight control logic circuit operable to assign a weight value to each of 

the retrieval requests received by each of the first registers; 

a grant tree logic circuit coupled to the weight control logic circuit and 
operable to (i) determine which of the first registers has a highest weight value 
and (ii) generate a grant signal for the first register with the highest weight value; 
and 

a grant logic circuit coupled to receive the grant signal from the grant tree 
logic circuit and, in response thereto, set a grant bit in the first register having the 
highest weight value. 

33. In a system having multiple security channels, a controller for 
managing access to an entry in a security association database, the controller 
comprising: 

a register circuit including a plurality of first registers each individually 
communicating with one of the multiple security channels and each operable to 
receive a request, from its associated security channel, to retrieve a security 
association data structure located at a predetermined address in the security 
association database; 

an arbiter circuit communicating with the register circuit and operable (i) 
to prioritize, from highest to lowest priority, the retrieval requests received by 
each of the first registers and (ii) to grant the retrieval request to the security 
channel having the highest priority, the arbiter circuit comprising: 

a weight control logic circuit operable to assign a weight value to 

each of the retrieval requests received by each of the first registers; 

a grant tree logic circuit coupled to the weight control logic circuit 

and operable to (i) determine which of the first registers has a highest 

weight value and (ii) generate a grant signal for the first register with the 

highest weight value; and 
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a grant logic circuit coupled to receive the grant signal from the 
grant tree logic circuit and, in response thereto, set a grant bit in the first 
register having the highest weight value; 

and 

a plurality of write buffer circuits each individually communicating with 
one of the multiple security channels and each operable to (i) receive an updated 
security association data structure from its associated security channel and (ii) 
write the modified security association data structure to the address location of the 
retrieved security association data structure, in response to the arbiter circuit 
subsequently granting a retrieval request to another of the multiple security 
channels. 

34. In a system having multiple security channels, a controller for 
managing access to an entry in a security association database, the controller 
comprising: 

a weight control logic circuit operable to assign a weight value to retrieval 
requests received by the controller from the multiple security channels; 

a grant tree logic circuit coupled to the weight control logic circuit and 
operable to (i) determine which of the retrieval requests has a highest weight value 
and (ii) generate a grant signal for the retrieval request with the highest weight 
value; and 

a grant logic circuit coupled to receive the grant signal from the grant tree 
logic circuit and, in response thereto, grant the retrieval request to the security 
channel having the highest weight value. 

35. A computer-readable medium containing computer executable 
code for instructing one or more security channels in a computer system having 
multiple security channels to modify an entry in a security association database, 
the instructions comprising: 
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determining whether another of the multiple security channels has a higher 
priority to access a security association database structure located at a 
predetermined address location in the security association database; 

retrieving the security association data structure from the predetermined 
address location when no other security channel has a higher priority to do so; 

modifying the retrieved security association data structure; and 

writing the modified security association data structure to the 
predetermined address location in the security association database. 
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